• Join a team of talented, committed and passionate engineers, with a lot of product interaction. • Build the infrastructure, interfaces, and applications to provide first-class service to our members, health professionals, and even ourselves! • Protect sensitive health data and ensure our systems are resilient against threats. • Technical Foundations enables product crews and creates the environment to thrive. • Design, build and operate the authentication stack on top of our self-hosted identity provider. • Build, evolve and operate our end-to-end encryption component used by our Alan Clinic. • Contribute to the foundations to isolate and protect highly sensitive medical data without sacrificing usability or delivery speed. • Contribute to reinforce our security engineering practices (fixing security vulnerabilities, CI/CD, SAST/DAST, Infrastructure Security, AI/LLM Security, etc…).

• Contribute to hardware security architecture reviews for product platforms • Conduct threat modeling exercises for hardware and firmware components • Perform hands-on security assessments of hardware platforms • Develop firmware hardening recommendations and work with firmware engineering teams • Participate in incident response efforts for hardware and firmware security incidents • Develop and maintain automated security tooling for hardware and firmware analysis • Contribute to hardware security standards, policies, and procedures • Serve as a subject matter expert on hardware security within the product security team • Continuously research and evaluate emerging hardware security threats, technologies, and best practices • Perform occasional travel to support business operations

You. Better. With Alan. Alan is building a vertically integrated health partner that unites insurance and smart healthcare delivery into one seamless system. Our vision is to make prevention the new norm of care for all. Our mission: Help people live in good health to 100 while helping employers feel proud, turning health benefits from a cost centre into their most valuable investment. By connecting all aspects of care (private, public, and direct to consumer) we create the most member-centric healthcare experience, reducing claims costs while generating new monetization opportunities. We partner with tens of thousands of companies across France 🇫🇷, Spain 🇪🇸, Belgium 🇧🇪, and Canada 🇨🇦, serving over a million members. How we work: our Leadership Principles - Mission is the Boss — We think long-term and are methodical optimists who take risks, seeking our mission's success above all else. - Distributed Ownership — Accountable enlightened despots: everyone owns their decisions and results. - Radical Transparency — All information is accessible and written-first, so everyone can make the best decisions asynchronously. - Always Growing — Direct, positive, and caring feedback, combined with self-growth ownership. ⭐ The Engineering team ⭐ In our engineering team, we build the infrastructure, interfaces, and applications to provide first-class service to our members, health professionals, and even ourselves! Being an engineer at Alan means joining a team of talented, committed and passionate engineers, with a lot of product interaction. We move fast, with a lot of ownership, and are proud to tackle big problems! We do security as we do everything else — that is, not quite the traditional way, but always in line with our leadership principles. Joining Alan as a Security Software Engineer team means you're at the forefront of protecting sensitive health data and ensuring our systems are resilient against threats. Want to know more? Read this article on our Engineering career path. 🤖 The Application Security crew - within Tech Foundations area 🎯 Mission - Tech Foundations enables product crews and creates the environment to thrive—combining world-class infrastructure, intuitive developer experience, exquisite operational excellence, and built-in security to make shipping exceptional products effortless. - Application Security is one of its crews. Its mission: build, evolve and operate the foundational security building blocks and secure-by-default patterns that make Alan’s products safe by design, highly available, and easy to ship, while partnering with product teams and Security Operations to reduce real risk without turning security into a bottleneck. 🔭 Scope - Security core components in the product - Authentication - design, build and operate the authentication stack on top of our self-hosted identity provider. Our goal is to go passwordless with great UX and unblock strategic initiatives relying on this stack. - Encryption - build, evolve and operate our end-to-end encryption component used by our Alan Clinic while keeping it delightful and frictionless for our members. - Security platforms - Secure file exchange - evolve and operate our secure file exchange platform to unblock product/ops teams while bringing support when relevant. - Secure enclave for medical secrecy - contribute to the foundations to isolate and protect highly sensitive medical data without sacrificing usability or delivery speed. - Contribute to reinforce our security engineering practices (fixing security vulnerabilities, CI/CD, SAST/DAST, Infrastructure Security, AI/LLM Security, etc…). 👀 Focus for 2026: In 2026, we will grow the team significantly to further increase our impact. We want to complete the modernization of our authentication flows and make it operable at high availability, unlock strategic initiatives by shipping new authentication/encryption flows. We are also evolving our AI-augmented development, by putting AI code assistants as a first-class citizen for everyone, including non-engineers. Ultimately we have massive ambitions around our Security stack and posture with enhanced tools and processes to protect our developers and users. Experience we value - 3+ years in full-stack software engineering roles - Experience designing and building products, platforms, frameworks or libraries - You love turning complex problems into elegant secure solutions - You care about creating secure-by-design products while keeping delightful experiences Mindset we value - You treat security engineering as product work: engineers & members are your customers, and security should feel effortless. - You’re an enabler: collaborative, humble, and motivated by helping teams ship safely. - You’re hands-on: you write maintainable code, ship to production, and care about reliability, rollouts, and real-world operability. - You build reusable patterns: guardrails, libraries, and secure-by-default abstractions that prevent vulnerabilities at scale. - You’re fluent in English (French is a bonus). For this opportunity, we are aiming to hire within the C1 - F level range. But above all, we are looking for high potential and curiosity: make sure to show us this when you apply! Everything else is a bonus. 🌍 How we work - Location: You must be legally eligible to work in France, Belgium, or Spain. - Remote work: We offer remote work flexibility, but we value in-person collaboration 🎯 Important note: we hire people, not roles. If you're excited about this opportunity but don't check every box, we'd love to hear from you. Everyone, no matter how underrepresented, should feel free to apply, as it can only bring learnings or success. If you identify yourself as a woman: Did you know that research shows women often apply only when meeting 100% of requirements? Remember, this is just a guide, not a checklist. We'll be thrilled to receive your application! 🔖 Check out our About Alan and Career pages, as well as our Medium, blog and Glassdoor page for more info. You want to know more about Alan? - 🙌 Perks & Benefits: Alaners are provided with a stimulating environment and perks ensuring they are happy, efficient and spend only high-quality time with co-workers. - 🤘 A strong culture: People joining Alan are often surprised and delighted by our innovative working method. We have a set of cultural values that guide our approach to work 🔄 A quick note about the process Note: While you're applying for a specific area, you may join a different engineering team based on where we think you'll have the most impact. Check out descriptions of other areas here.

• Security Architecture & Design: Contribute to hardware security architecture reviews for product platforms, providing security input on secure boot chains, hardware roots of trust, trusted execution environments (TEEs), and cryptographic implementations. Evaluate silicon and SoC security properties through vendor assessment, datasheet review, black-box testing, and security characterization of off-the-shelf and custom components. Research and evaluate emerging hardware security technologies (e.g., confidential computing, post-quantum cryptographic hardware, hardware-backed attestation) and provide recommendations to the team. • Threat Modeling & Risk Assessment: Conduct threat modeling exercises for hardware and firmware components, identifying attack surfaces across the product stack. Perform security risk assessments for new and existing hardware designs, quantifying risk and recommending mitigations with clear priority and business context. Communicate hardware security tradeoffs clearly to engineering peers and product stakeholders. • Security Assessment & Testing: Perform hands-on security assessments of hardware platforms, including side-channel analysis, fault injection testing, firmware reverse engineering, and debug interface evaluation. Contribute to building and maintaining a hardware security testing methodology and lab environment, including tooling for automated and repeatable assessments. Participate in vulnerability management for hardware and firmware components, including coordinating disclosure, remediation tracking, and validation of fixes. • Firmware & Platform Security: Develop firmware hardening recommendations and work with firmware engineering teams to implement secure boot, firmware update integrity, tamper detection and runtime protection mechanisms across product platforms. Contribute to security standards for embedded systems, microcontrollers, and platform firmware across the product portfolio. Work with platform teams to review hardware-software interfaces (e.g., UEFI, BMC, TPM interactions) for security concerns. • Incident Response & Forensics: Participate in incident response efforts for hardware and firmware security incidents, contributing to investigation, root-cause analysis, and corrective action to prevent recurrence. • Tooling & Automation: Develop and maintain automated security tooling for hardware and firmware analysis, vulnerability scanning, and compliance validation. Contribute to defining security gates within CI/CD and build pipelines for firmware, working with DevOps and firmware teams to support automated enforcement before production release. • Standards, Policy & Compliance: Contribute to hardware security standards, policies, and procedures that align with industry frameworks (e.g., NIST SP 800-193, Common Criteria, FIPS 140, IEC 62443). Support product security certifications and compliance efforts where hardware security attestation is required. Stay current with the evolving hardware threat landscape, supply chain security concerns, and regulatory requirements. • Collaboration & Mentorship: Serve as a subject matter expert on hardware security within the product security team, providing technical guidance to engineering peers. Share knowledge and help develop junior team members' hardware security skills through assessment reviews and design reviews. Help drive adoption of hardware security best practices within your project scope through clear documentation and hands-on support. • Stay Ahead of Threats: Continuously research and evaluate emerging hardware security threats, technologies, and best practices to recommend new approaches and solutions. • Travel: This role requires up to 10% of travel within EMEA and North America